By Zach DeMeyer Posted August 14, 2019
Managing users and systems manually is a real pain for IT admins. Thankfully, with JumpCloud® Groups in Directory-as-a-Service®, admins can automate much of their management processes with just a few clicks. If you are just getting started with JumpCloud, or would like to up your Directory-as-a-Service game in general, here’s how to work smarter with JumpCloud Groups.
First things first. Let’s talk about creating Groups. There are two types of Groups available in JumpCloud Directory-as-a-Service: users and systems.
Users Groups consist of users that are joined together and organized based on shared traits. Admins can use JumpCloud User Groups to assign various privileges and access rights. We will get into both of these in more detail a little later.
System Groups can be organized based on operating system (OS) or other factors (once again, more on that in a second). System Groups can be connected to users and groups of users to provide those users access to all of the systems present in a Group.
Both users and systems can exist in multiple Groups.
Groups are one of the most effective forms of identity management automation for IT admins using JumpCloud, especially regarding new user onboarding. Groups can be used to federate access to networks, applications, and more across users and systems at scale. Effectively, IT admins can apply access privileges to their entire organization, or specific segments thereof, in a few simple clicks.
Using Groups, admins can also apply JumpCloud Policies across entire swathes of systems (Windows®, Mac®, and/or Linux®). Policies—used in tandem with Groups—are a JumpCloud analogue to the popular group policy objects (GPOs) of Microsoft® Active Directory®. JumpCloud Policies allow IT admins to finely control security settings and other impactful attributes to manage system settings, so tying them in with Groups enables this control at scale. Of course, the ability to automate at scale is highly dependent upon the way Groups are organized.
Organization with groups is key. Everyone is entitled to organize their Groups based on personal preference, but we find that this hierarchy often works best:
- Organization-wide: Apply company-wide policies that meet up with organization/compliance standards.
- System-wide: Grouping systems based on OS allows for a more fine-tuned way of controlling company/compliance policies on Windows, Mac, and/or Linux using JumpCloud Policies.
- Office-wide: Grouping users/systems based on their location allows for easier RADIUS network and on-prem server/application control, as well as other security requirements based on location.
- Department-wide: Configure application access based on role/permission
Obviously, these are only a few of the ways you can organize your Groups; their capabilities are only limited by how you decide to use them.
How JumpCloud Customers Feel About Groups
In case you aren’t quite sold on Groups, here’s a couple of quotes from actual JumpCloud customers about using Groups in their live JumpCloud environments.
“Now that we have JumpCloud, we can onboard a new hire in a matter of a couple of hours. We use Groups to organize roles, what those roles need access to, and what kind of access they have. We’ve created a form that allows a department to check what resources a new hire needs, and then we just assign a new user to the right Groups according to what boxes were checked. It’s been incredible to go from having new users fully onboarded two weeks after they started, to having them onboarded to everything two weeks in advance.”
– Peter Lasky
Director of Technology
“I was able to set up these cloud RADIUS servers and then create user groups for each office so that people could travel between the offices. I only had to manage a cloud RADIUS instead of on-prem RADIUS infrastructure at every office…
“If someone is an administrator, they can do some pretty heinous stuff on accident. If they use an LDAP browser to modify OpenLDAP, they can inadvertently delete an entire group of users. In fact, this happened to us. An admin was using an LDAP browser and inadvertently deleted the entire stacked users group. That primarily is why I’d prefer to see all of my desktop admins using JumpCloud rather than trying to become an engineer in LDAP to make changes. I can just put an admin with any depth of experience on it, and they can change groups, and they can deactivate people.”
– Andy Halvorsen
Global IT Director
Learn More About Groups
If you are eager to start working smarter with JumpCloud Groups, please consult our Knowledge Base for more information. You can also contact our expert Support staff to get more help with JumpCloud Groups. Our new Premium Support offering can provide you with personalized support, along with 24/7 availability and more.
Never Heard of JumpCloud?
If you’re not an active JumpCloud customer, but are interested in automating your system and user management with Groups, why not contact us to learn more about what Directory-as-a-Service has to offer. You can also schedule a free personalized demo today and see the power of Groups firsthand, along with the full extent of JumpCloud as a whole.
More of a hands-on kind of person? Signing up for JumpCloud provides you with unlimited access to Directory-as-a-Service with ten users to try out Groups and other JumpCloud features, all completely free, no credit card required.